19 February 2018

Working with SDN ecosystems

Networks were easy to understand when IT engineers worked with physical servers that had physical network interfaces and unique IP addresses. This was easy to understand and configure: we saw it and we touched it. However, more and more applications and servers are hosted on virtual platforms or in the Cloud, where they are available from anywhere at any time and have virtual network interfaces with virtual IP addresses. This is difficult to understand for those who have always worked with physical infrastructures. Nevertheless, applications and servers are no longer physical, and if we want to take advantage of the new technology, we should learn, study and understand how this new virtual world works.

Lately, I’ve been writing about Public Clouds, such as AWS Cloud or Microsoft Azure, where everything is virtual and we don’t even know exactly where our applications are hosted. However, if we build our own virtual Data Center or deploy a Private Cloud, we can use Software-Defined Networking (SDN) and Security solutions, such as VMware vCloud Networking and Security (vCNS), which are useful for creating virtualized networks as well as for protecting our applications. For instance, these SDN-based solutions help us deploy virtual firewalls and load balancers on our own platform.

Software-Defined Networking and Security

VMware NSX is the next generation of vCNS. It is more than a Software-Defined Networking (SDN) and Security solution: it is a Software-Defined Data Center (SDDC) solution that helps us create virtual distributed firewalls and load balancers, as well as enable micro-segmentation or configure VXLAN. It is a way to build network architectures in software that also enhances security within the virtual ecosystem. Nothing about physical network interfaces and nothing about hardware appliances: everything is virtual and everything is software.

Software-Defined Data Center (SDDC)

One of the greatest changes in this new virtual world is, from my point of view, firewalling. Today, there are still security engineers who think in terms of the traditional firewall model, which allows or denies traffic at the perimeter of the network. However, you have to throw away your perimeter-only firewalls, because this is not enough: applications also have to be protected from inside the datacenter. For instance, Amazon Security Groups and VMware NSX let us configure firewall rules for each virtual machine, protecting applications from inside the datacenter.
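As an added illustration (not code from the original post, and not VMware’s or Amazon’s own implementation), the following Python model contrasts the two firewall models described above: a perimeter firewall that never sees traffic between two hosts inside the datacenter, and a distributed firewall that enforces per-VM rules at each virtual NIC, the idea behind NSX distributed firewall rules and AWS Security Groups. The three-tier topology, addresses, ports and rules are constructed assumptions for the demo.

```python
# Added illustration, not code from the original post: a small model that
# contrasts the traditional perimeter firewall with a distributed, per-VM
# firewall (the idea behind VMware NSX DFW rules and AWS Security Groups).
# Addresses, tiers and rules below are constructed for the demo.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination TCP port


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # None matches every port
    action: str           # "allow" or "deny"

    def matches(self, flow: Flow) -> bool:
        def in_scope(addr: str, spec: str) -> bool:
            return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)
        return (in_scope(flow.src, self.src) and in_scope(flow.dst, self.dst)
                and (self.dport is None or self.dport == flow.dport))


class PerimeterFirewall:
    """Traditional model: one choke point between the datacenter and the outside.
    Traffic between two hosts inside the datacenter never crosses it, so it is
    never filtered."""

    def __init__(self, inside: str, rules: List[Rule]) -> None:
        self.inside = ip_network(inside)
        self.rules = rules

    def decide(self, flow: Flow) -> str:
        if ip_address(flow.src) in self.inside and ip_address(flow.dst) in self.inside:
            return "allow"  # east-west traffic is invisible to the perimeter
        for rule in self.rules:  # first match wins
            if rule.matches(flow):
                return rule.action
        return "deny"


class DistributedFirewall:
    """Per-VM model: rules are enforced at each VM's virtual NIC, so east-west
    traffic is filtered too. Default deny, like a security group with no
    inbound rule."""

    def __init__(self) -> None:
        self.vm_rules: Dict[str, List[Rule]] = {}

    def attach(self, vm_ip: str, rules: List[Rule]) -> None:
        self.vm_rules[vm_ip] = rules

    def decide(self, flow: Flow) -> str:
        for rule in self.vm_rules.get(flow.dst, []):  # enforced at the destination vNIC
            if rule.matches(flow):
                return rule.action
        return "deny"


# Constructed three-tier topology inside 10.0.0.0/16 (RFC 1918) and an
# external client in 203.0.113.0/24 (RFC 5737 documentation range).
WEB, APP, DB, INTERNET = "10.0.1.10", "10.0.1.20", "10.0.1.30", "203.0.113.5"


def build_perimeter() -> PerimeterFirewall:
    # The perimeter only knows "the internet may reach the web tier on 443".
    return PerimeterFirewall("10.0.0.0/16", [Rule("any", WEB + "/32", 443, "allow")])


def build_distributed() -> DistributedFirewall:
    # Micro-segmentation: each tier only accepts what the tier in front of it needs.
    dfw = DistributedFirewall()
    dfw.attach(WEB, [Rule("any", "any", 443, "allow")])
    dfw.attach(APP, [Rule(WEB + "/32", "any", 8080, "allow")])
    dfw.attach(DB, [Rule(APP + "/32", "any", 5432, "allow")])
    return dfw


def compare(flows: List[Flow]) -> Dict[Flow, Tuple[str, str]]:
    """Return {flow: (perimeter decision, distributed decision)}."""
    perimeter, dfw = build_perimeter(), build_distributed()
    return {f: (perimeter.decide(f), dfw.decide(f)) for f in flows}


if __name__ == "__main__":
    sample = [
        Flow(INTERNET, WEB, 443),   # legitimate client request
        Flow(INTERNET, DB, 5432),   # direct attempt from outside
        Flow(WEB, DB, 5432),        # a web VM talking straight to the database
        Flow(APP, DB, 5432),        # the only path the database should accept
    ]
    for flow, (perim, dist) in compare(sample).items():
        print(f"{flow.src:>14} -> {flow.dst}:{flow.dport}  perimeter={perim:<5} distributed={dist}")
```

The third sample flow is the point of the paragraph: the perimeter firewall allows a web VM to reach the database directly because that traffic never leaves the datacenter, while the per-VM rules deny it because only the application tier is listed as an allowed source for port 5432.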

Intuitive Firewall Rules with VMware NSX

Once we choose to deploy Software-Defined Networks (SDN), it seems more difficult to deploy security platforms such as IDS/IPS systems, but it’s not impossible. Most virtual and cloud platforms also have networking and security features for log analysis and traffic analysis, which are useful for troubleshooting as well as for integrating with IDS/IPS virtual appliances. Thanks to the port-mirroring features of virtual switches, we can keep analysing the traffic of virtual machines.

VMware Port-Mirroring

I think Software-Defined Networks (SDN) are just the beginning. We’ll increasingly see Software-Defined Data Centers (SDDC) where we’ll enable micro-segmentation and workflows for virtual machines, and we’ll forget about buying lots of hardware servers.